Vulnerabilities > Insufficient Session Expiration

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-27	CVE-2021-3144	Insufficient Session Expiration vulnerability in multiple products In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. network low complexity saltstack fedoraproject debian CWE-613 critical	9.1
2021-02-19	CVE-2021-27351	Insufficient Session Expiration vulnerability in Telegram The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. network low complexity telegram CWE-613	5.3
2021-02-09	CVE-2021-26921	Insufficient Session Expiration vulnerability in Argoproj Argo CD In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled. network low complexity argoproj CWE-613	6.5
2021-02-09	CVE-2020-4995	Insufficient Session Expiration vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. network low complexity ibm CWE-613	5.3
2021-02-08	CVE-2020-6649	Insufficient Session Expiration vulnerability in Fortinet Fortiisolator An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks) network low complexity fortinet CWE-613 critical	9.8
2021-02-05	CVE-2021-3311	Insufficient Session Expiration vulnerability in Octobercms October An issue was discovered in October through build 471. network low complexity octobercms CWE-613 critical	9.8
2021-02-04	CVE-2020-14247	Insufficient Session Expiration vulnerability in Hcltechsw Onetest Performance 10.0.0/10.1.0/9.5.0 HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID. network low complexity hcltechsw CWE-613	6.5
2021-01-19	CVE-2021-3183	Insufficient Session Expiration vulnerability in Files FAT Client 3.3.6 Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile. network low complexity files CWE-613	7.5
2021-01-13	CVE-2020-15220	Insufficient Session Expiration vulnerability in Combodo Itop Combodo iTop is a web based IT Service Management tool. network low complexity combodo CWE-613	6.1
2021-01-13	CVE-2020-15218	Insufficient Session Expiration vulnerability in Combodo Itop Combodo iTop is a web based IT Service Management tool. network low complexity combodo CWE-613	6.8